You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

It's better to print out the next instructions or save it in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.It is also important you don't miss a step and perform everything in the right order!!

I see viewpoint installed,Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

Next to the 'scriptfile to execute'-window you'll see a little icon as shown in next picture: When you click that icon, a little window will open that says: 'Please enter the full URL to the sript you want to execute'In the field, copy and paste next URL:

http://metallica.geekstogo.com/alcanshorty.bfu

Click Ok. Then click execute in Brute Force Uninstaller.

Extra note:If nothing happens after pressing the Execute button, this means that the script didn't download. In that case, download the script ( alcanshorty.bfu ) manually from above url ( rightclick on it and choose 'save as' and save it in your BFU-folder). Then start BFU.exe again and click the browse button next to the 'scriptfile to execute'-windowBrowse to the script you downloaded and Click Ok and Execute in Brute Force Uninstaller.

Wait for the complete script execution box to popup and press OK.Press exit to terminate the BFU program

When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

You will need to update ewido to the latest definition files.

On the left hand side of the main screen click update.

Then click on Start Update.

The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display ("Update successful")

If you are having problems with the updater, you can use this link to manually update ewido.ewido manual updatesDon't run it yet.

* Reboot into Safe Mode`: ( without networking support !)°To get into the Safe mode as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

* Please set your system to show all files. Click Start.Open My Computer.Select the Tools menu and click Folder Options.Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.Uncheck: Hide file extensions for known file typesUncheck the Hide protected operating system files (recommended) option.Click Yes to confirm.Click OK.

* Using Windows Explorer, locate the following files/folders, and delete them if still present:

Please hide your hidden files and folders afterwards again, because above instructions to set your system to show all files, unhide legit files and folders as well.And I don't want you to delete them because they may look suspicious. To hide them again, just perform the above instructions in the opposite way.

* Clean your Cache and Cookies in IE:

Close all instances of Outlook Express and Internet Explorer

Go to Control Panel > Internet Options > General tab

Click the "Delete Cookies" button

Next to it, Click the "Delete Files" button

When prompted, place a check in: "Delete all offline content", click OK

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):

Go to Tools > Options.

Click Privacy in the menu on the left side of the Options window.

Click the Clear button located to the right of each option (History, Cookies, Cache).

Click OK to close the Options window
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.

* Clean other Temporary files + Recycle bin

Go to start > run and type: cleanmgr and click ok.

Let it scan your system for files to remove.

Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.

Press OK to remove them.

* Open Ewido anti-malware Click on scanner

* Click Complete System Scan and the scan will begin. * During the scan it will prompt you to clean files, click OK * When the scan is finished, look at the bottom of the screen and click the Save report button. * Save the report to your desktop

Close EwidoReboot your computer back to normal mode!!

* Perform an onlinescan with panda: (please use this scanner instead of any other scanner!)Panda Online- Once you are on the Panda site click the Scan your PC button- A new window will open...click the Check Now button- Enter your Country- Enter your State/Province- Enter your e-mail address and click send- Select either Home User or Company- Click the big Scan Now button- If it wants to install an ActiveX component allow it- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)- When download is complete, click on Local Disks to start the scan- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.Post the contents of the Panda scan report together with the contents of ewido-log present on your desktop and a new HiJackThis log.

I also need an extra log, so we can find the cause of your problem, because it looks like hijackthis isn't showing.

So perform next:

Download Silent RunnersUnzip it to a permanent folder.Start SilentRunners.vbsWhen your antivirus is giving an alert, do not block this. Allow the script.Please wait until it prompts you the scan is finished!Copy and paste the content of the txtfile you get afterwards in your next reply together with a new hijackthislog.

----------+ This report excludes default entries except where indicated.+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box.---------- (total run time: 493 seconds, including 6 seconds for message boxes)

Save this as fix.reg Choose to save as *all files and place it on your desktop.It should look like this: Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

To keep this clean in the future, I would suggest the following things:

Install SpywareblasterSpywareBlaster doesn`t scan and clean for so-called spyware, but prevents it from being installed in the first place. It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.

* Avoid illegal sites, because that's where most malware is present.* Don't click on links inside popups.* Don't click on links in spam messages claiming to offer anti-spyware software; because most of these so called removers ARE spyware.* Download free software only from sites you know and trust. Because a lot of free software can bundle other software, including spyware.

And I do suggest you perform an online virusscan once in a while. (Housecall and/or Bitdefender). Because what one virusscanner can't find another one maybe can.Also make sure that your virusscanner, the one that is installed on your system is always up to date!

Effective October 11, 2006, Windows XP SP1 and SP1a will transition to a non-supported status. After this date, Microsoft will no longer provide any incident support options or security updates. Existing support documents, however, will continue to be available through the Microsoft Support Product Solution Center Web site.http://support.microsoft.com/gp/lifean19So make sure your windows has the latest updates and update asap to SP2: http://windowsupdate.microsoft.com/